Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 K-Means+ID3 A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods Author : Shekhar R.

Published byKerry Porter Modified over 9 years ago

Similar presentations

Presentation on theme: "1 K-Means+ID3 A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods Author : Shekhar R."— Presentation transcript:

1 1 K-Means+ID3 A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods Author : Shekhar R. Gaddam, Vir V. Phoha, Senior Member, IEEE, and Kiran S. Balagani Reporter : Tze Ho-Lin 2007/7/4 TKDE, 2007

2 2 Outline Motivation Objectives Methodology: K-Means+ID3 Experiments Conclusion Personal Comments

3 3 Motivation The ADS related studies cited above have two drawbacks:  1) these works evaluate the performance of anomaly detection methods on the measurements drawn from one application domain.  2) the studies build anomaly detection methods with single machine learning techniques like artificial neural-networks, pattern matching, etc. While recent advances in machine learning show that fusion, selection, and cascading of multiple machine learning methods have a better performance yield over individual methods.

4 4 Objectives We present “K-Means+ID3”, a method to cascade k-Means clustering and the ID3 decision tree bearning methods for classifying anomalous and normal activities in a computer network, an active electronic circuit, and a mechanical mass- beam system. K-Means clusteringID3 decision tree

5 5 Methodology-K-Means+ID3 1. Training 1. Partition the training space into k disjoint clusters C 1, C 2,…,C k. 2. ID3 decision tree is trained with the instances in each K-Means cluster. 2. Testing 1. Candidate Selection phase Candidate Selection phase 2. Candidate Combination phase Candidate Combination phase

6 6 Methodology-Candidate Selection phase

7 7 Methodology-Candidate Combination phase 1. Harden the anomaly scores of the K-Means method by using the Threshold Rule. 2. Nearest-Consensus Rule 3. Nearest-Neighbor Rule (ID3) In their experiments, the threshold is set to 0.5

8 8 Experiments Detection accuracy or true positive rate (TPR), False positive rate (FPR) Precision a/(a+c) Total accuracy (or accuracy) (a+d)/(a+b+c+d) F-measure 2a/(2a+b+c) Receiver operating characteristic (ROC) curves and areas under ROC curves (AUCs).

9 9 Experiments-Data Sets Network Anomaly Data (NAD) Duffing Equation Data (DED) Mechanical Systems Data (MSD)

10 10 Conclusion The K-Means+ID3 method outperforms the individual k-Means and the ID3 in terms of all the six performance measures over the NAD-1998 data sets. The K-Means+ID3 method has a very high detection accuracy (99.12%) and AUC performance(0.96) over the NAD-1999 data sets. The K-Means+ID3 method shows better FPR and precision performance as compared to the k-Means and ID3 over the NAD-2000. The FPR, Precision, and the F-measure of the K-Means+ID3 is higher than the k-Means method and lower than the ID3 methods over the NAD. The K-Means+ID3 method has the highest Precision and F-measure values over the MSD.

11 11 Personal Comments Application  Anomaly Detection System Advantage  It certainly has better performance than individual methods. Disadvantage  Parameter selection problem

12 12 NAD-1998

13 13 NAD-1999

14 14 NAD-2000

15 15 DED

16 16 MSD

Download ppt "1 K-Means+ID3 A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods Author : Shekhar R."

Similar presentations

Applications of one-class classification

Applications of one-class classification
Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.

Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.
Learning Algorithm Evaluation

Learning Algorithm Evaluation
Partitioned Logistic Regression for Spam Filtering Ming-wei Chang University of Illinois at Urbana-Champaign Wen-tau Yih and Christopher Meek Microsoft.

Partitioned Logistic Regression for Spam Filtering Ming-wei Chang University of Illinois at Urbana-Champaign Wen-tau Yih and Christopher Meek Microsoft.
Model Evaluation Metrics for Performance Evaluation

Model Evaluation Metrics for Performance Evaluation
1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.

1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.
Robust Real-time Object Detection by Paul Viola and Michael Jones ICCV 2001 Workshop on Statistical and Computation Theories of Vision Presentation by.

Robust Real-time Object Detection by Paul Viola and Michael Jones ICCV 2001 Workshop on Statistical and Computation Theories of Vision Presentation by.
Benchmarking Anomaly-based Detection Systems Ashish Gupta Network Security May 2004.

Benchmarking Anomaly-based Detection Systems Ashish Gupta Network Security May 2004.
ROC Curves.

ROC Curves.
1 The Expected Performance Curve Samy Bengio, Johnny Mariéthoz, Mikaela Keller MI – 25. oktober 2007 Kresten Toftgaard Andersen.

1 The Expected Performance Curve Samy Bengio, Johnny Mariéthoz, Mikaela Keller MI – 25. oktober 2007 Kresten Toftgaard Andersen.
Machine Learning: Symbol-Based

Machine Learning: Symbol-Based
Chapter 5 Data mining : A Closer Look.

Chapter 5 Data mining : A Closer Look.
Introduction to Data Mining Engineering Group in ACL.

Introduction to Data Mining Engineering Group in ACL.
WAC/ISSCI 20061 Automated Anomaly Detection Using Time-Variant Normal Profiling Jung-Yeop Kim, Utica College Rex E. Gantenbein, University of Wyoming.

WAC/ISSCI Automated Anomaly Detection Using Time-Variant Normal Profiling Jung-Yeop Kim, Utica College Rex E. Gantenbein, University of Wyoming.
Today Evaluation Measures Accuracy Significance Testing

Today Evaluation Measures Accuracy Significance Testing
A Hybrid Anomaly Detection Model using G-LDA Bhavesh Kasliwal, Shraey Bhatia, Shubham Saini, I.Sumaiya Thaseen, Ch.Aswani Kumar. VIT University – Chennai.

A Hybrid Anomaly Detection Model using G-LDA Bhavesh Kasliwal, Shraey Bhatia, Shubham Saini, I.Sumaiya Thaseen, Ch.Aswani Kumar. VIT University – Chennai.
Repository Method to suit different investment strategies Alma Lilia Garcia & Edward Tsang.

Repository Method to suit different investment strategies Alma Lilia Garcia & Edward Tsang.
Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.

Intrusion Detection Jie Lin. Outline Introduction A Frame for Intrusion Detection System Intrusion Detection Techniques Ideas for Improving Intrusion.
Classifying Tags Using Open Content Resources Simon Overell, Borkur Sigurbjornsson & Roelof van Zwol WSDM ‘09.

Classifying Tags Using Open Content Resources Simon Overell, Borkur Sigurbjornsson & Roelof van Zwol WSDM ‘09.
Anomaly detection with Bayesian networks Website: John Sandiford.

Anomaly detection with Bayesian networks Website: John Sandiford.

Similar presentations

Ads by Google